Suits and Spooks NYC will feature over 20 expert speakers in the areas of financial intelligence, special operations, information security, money laundering, and the protection of critical infrastructure.

There is a natural tendency to lump security and compliance together. Intuitively it just makes sense right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.

June 11, 2012

SOC 2 has the potential to unify the risk assurance industry by consolidating multiple audits, standards, and compliance requirements under one umbrella engagement. However, if the market is allowed to define anything as internal controls over financial reporting (ICFR), SOC 2 is destined to fail...

Financial organizations have been working on implementing out of band authentication (OOBA) mechanisms for specific kinds of money transfers such as ACH and wires. While this authentication method does add some security to the process, it does not come without its challenges...

User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...

There is nothing that changes faster than technology, and if you are not ahead of it, you are ancient history. Within the category of technology, security is at the forefront of rapid change, and there is nothing more critical to ensure that we understand as auditors...

The types of personal information companies collect and share depends on the product or service you get from them. This info can include: Social Security number and income, account balances and employment details, and credit history and transaction history...

Just when I thought things were getting better, along comes a press release that is wrong on so many levels I don’t even know where to begin. First, SSAE 16 is not a certification. Secondly, SOC 2 is totally unrelated to SSAE 16, which is specific guidance for conducting SOC 1 reviews...

The SOX Compliance series is targeted at a focused group of senior level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor driven conference, the higher level focus allows the delegates to network with their industry peers and speakers...

While maintaining the focus on the continual optimization of the SOX program, 22nd edition conference will draw on the more recent challenges being faced by SOX professionals in light of the recent economic climate and new Dodd-Frank requirements...

The system is vulnerable to attacks that would have great consequences to the financial system within the US as well as potentially the world. Perhaps Mr. Kass is just looking to leverage the fear, perhaps he is trying to fire off the "Bat Signal” that something is wrong or inevitable...

Banks and other financial institutions face unique issues when it comes to the use of social media. Faced with conflicts between social media platform rules, customer expectations, self-regulatory standards, and the strict regulations that govern the industry, guidance has been issued by BITS...

It is possible to secure systems against most cybercrime but that level of security often proves too inconvenient for consumers. As long as banks continue absorbing losses from fraud, consumers remain blissfully ignorant of the consequences of inadequate security...

The genesis for these apps came from the realization that looking back at a series of bank accounts or a tax return was all very well, but it would do nothing to help individuals get a picture of their ability to afford their life a week, a month or a year into the future...